Vulnerability Name:

CVE-2006-0003 (CCN-25006)

Assigned:2005-11-09
Published:2006-04-11
Updated:2018-10-19
Summary:Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2006-0003

Source: CCN
Type: SA19583
Microsoft Data Access Components RDS.Dataspace ActiveX Vulnerability

Source: SECUNIA
Type: Vendor Advisory
19583

Source: CCN
Type: SA20719
Hitachi Products MDAC RDS.Dataspace ActiveX Vulnerability

Source: SECUNIA
Type: UNKNOWN
20719

Source: CCN
Type: SECTRACK ID: 1015894
Microsoft Data Access Components RDS.Dataspace Access Control Bug Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1015894

Source: CCN
Type: ASA-2006-079
Windows Security Updates for April 2006 - (MS06-013 - MS06-017)

Source: CONFIRM
Type: UNKNOWN
http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/01-e.html

Source: CONFIRM
Type: UNKNOWN
http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/index-e.html

Source: CCN
Type: US-CERT VU#234812
RDS.Dataspace ActiveX control bypasses ActiveX security model

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#234812

Source: CCN
Type: Microsoft Security Bulletin MS06-014
Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562)

Source: CCN
Type: Microsoft Security Bulletin MS07-009
Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779)

Source: OSVDB
Type: UNKNOWN
24517

Source: CCN
Type: OSVDB ID: 24517
Microsoft Data Access Components RDS.Dataspace ActiveX Remote Code Execution

Source: BUGTRAQ
Type: UNKNOWN
20070729 Exploit In Internet Explorer

Source: BUGTRAQ
Type: UNKNOWN
20070730 Re: Exploit In Internet Explorer

Source: BUGTRAQ
Type: UNKNOWN
20070730 RE: Exploit In Internet Explorer

Source: BUGTRAQ
Type: UNKNOWN
20070731 Re: Exploit In Internet Explorer

Source: BUGTRAQ
Type: UNKNOWN
20080128 Exploit in IE6,7

Source: BUGTRAQ
Type: UNKNOWN
20080128 Re: Exploit in IE6,7

Source: BID
Type: UNKNOWN
17462

Source: CCN
Type: BID-17462
Microsoft MDAC RDS.Dataspace ActiveX Control Remote Code Execution Vulnerability

Source: BID
Type: UNKNOWN
20797

Source: CCN
Type: BID-20797
Retired: Microsoft Internet Explorer Unspecified Code Execution Vulnerability

Source: MISC
Type: UNKNOWN
http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf

Source: CCN
Type: US-CERT Technical Cyber Security Alert TA06-101A
Microsoft Windows and Internet Explorer Vulnerabilities

Source: CERT
Type: Third Party Advisory, US Government Resource
TA06-101A

Source: VUPEN
Type: UNKNOWN
ADV-2006-1319

Source: VUPEN
Type: UNKNOWN
ADV-2006-2452

Source: CCN
Type: Internet Security Systems Protection Alert - April 11, 2006
Microsoft MDAC Remote Code Execution

Source: MS
Type: UNKNOWN
MS06-014

Source: XF
Type: UNKNOWN
mdac-rdsdataspace-execute-code(25006)

Source: XF
Type: UNKNOWN
mdac-rdsdataspace-execute-code(25006)

Source: XF
Type: UNKNOWN
ie-wscriptshell-command-execution(29915)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1204

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1323

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1511

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1742

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1778

Source: EXPLOIT-DB
Type: UNKNOWN
2052

Source: EXPLOIT-DB
Type: UNKNOWN
2164

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:data_access_components:2.5:sp3:*:*:*:*:*:*
  • OR cpe:/a:microsoft:data_access_components:2.7:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:data_access_components:2.7:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:data_access_components:2.8:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:data_access_components:2.8:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:data_access_components:2.8:sp2:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:data_access_components:2.8:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:data_access_components:2.8:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:data_access_components:2.5:sp3:*:*:*:*:*:*
  • OR cpe:/a:microsoft:data_access_components:2.7:sp1:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • OR cpe:/a:microsoft:data_access_components:2.8:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:-::~~~~itanium~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:1204
    V
    		WinXP,SP2 Microsoft Data Access Components RDS.Dataspace Remote Code Execution Vulnerability
    2011-05-16
    oval:org.mitre.oval:def:1778
    V
    		Microsoft Windows 2000 Microsoft Data Access Components RDS.Dataspace Remote Code Execution Vulnerability
    2011-05-16
    oval:org.mitre.oval:def:1323
    V
    		Server 2003 Microsoft Data Access Components RDS.Dataspace Remote Code Execution Vulnerability
    2011-05-16
    oval:org.mitre.oval:def:1511
    V
    		WinXP,SP1 Microsoft Data Access Components RDS.Dataspace Remote Code Execution Vulnerability
    2011-05-16
    oval:org.mitre.oval:def:1742
    V
    		Windows (S03,SP1/XP 64-bit) Microsoft Data Access Components RDS.Dataspace Remote Code Execution Vulnerability
    2011-05-16
    BACK
    microsoft data access components 2.5 sp3
    microsoft data access components 2.7
    microsoft data access components 2.7 sp1
    microsoft data access components 2.8
    microsoft data access components 2.8 sp1
    microsoft data access components 2.8 sp2
    microsoft data access components 2.8 sp1
    microsoft data access components 2.8 sp2
    microsoft data access components 2.5 sp3
    microsoft data access components 2.7 sp1
    microsoft windows xp - sp1
    microsoft windows 2000 - sp4
    microsoft data access components 2.8
    microsoft windows 2003_server
    microsoft windows xp sp2
    microsoft windows 2003 server -
    microsoft windows 2003_server sp1
    microsoft windows 2003_server sp1_itanium